Apache Log4j Critical Vulnerability (CVE-2021-44228) in the context of Symetri Naviate applications
15 December 2021
December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1. Apache Log4j is commonly used Java logging library with Apache Tomcat web applications.
Vulnerability details can be found from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Naviate Security Advisory
- Naviate for Revit
- Naviate for Civil 3D
- Naviate Nexus
- Naviate Plant3D
- XL Products
We have not identified any components in the above product families that is affected by Log4j vulnerability.
We are not installing or using anything related to The Log4j library.
Even though current versions of Naviate products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.
The latest release are available on www.naviate.com/downloads.
If you have any questions or concerns, please contact your local account manager or the Naviate team firstname.lastname@example.org.